Re: [P2PSIP] Mirja Kühlewind's No Objection on draft-ietf-p2psip-sip-18: (with COMMENT)

"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Fri, 22 April 2016 11:59 UTC

Return-Path: <ietf@kuehlewind.net>
X-Original-To: p2psip@ietfa.amsl.com
Delivered-To: p2psip@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8928212D9F0 for <p2psip@ietfa.amsl.com>; Fri, 22 Apr 2016 04:59:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.898
X-Spam-Level:
X-Spam-Status: No, score=-2.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hiY9-fPGONxG for <p2psip@ietfa.amsl.com>; Fri, 22 Apr 2016 04:59:23 -0700 (PDT)
Received: from kuehlewind.net (kuehlewind.net [83.169.45.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC00412D9DB for <p2psip@ietf.org>; Fri, 22 Apr 2016 04:59:22 -0700 (PDT)
Received: (qmail 13645 invoked from network); 22 Apr 2016 13:51:59 +0200
Received: from p5dec2f05.dip0.t-ipconnect.de (HELO ?192.168.178.33?) (93.236.47.5) by kuehlewind.net with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 22 Apr 2016 13:51:59 +0200
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
In-Reply-To: <57175558.1000403@haw-hamburg.de>
Date: Fri, 22 Apr 2016 13:52:00 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <3FB78D9E-1C71-4868-8DFD-FB9B8B7FD53B@kuehlewind.net>
References: <6c28177619b64d5abf49446a5c5ffdac@HUB01.mailcluster.haw-hamburg.de> <5713C3BF.4090804@haw-hamburg.de> <09b5fac92ad24e2dbd95bb28970805c1@HUB02.mailcluster.haw-hamburg.de> <57175558.1000403@haw-hamburg.de>
To: "Thomas C. Schmidt" <t.schmidt@haw-hamburg.de>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/p2psip/qJXT9cMTzZ4yCPXQQr1k4OyWmD4>
Cc: "p2psip-chairs@ietf.org" <p2psip-chairs@ietf.org>, "draft-ietf-p2psip-sip@ietf.org" <draft-ietf-p2psip-sip@ietf.org>, The IESG <iesg@ietf.org>, "p2psip@ietf.org" <p2psip@ietf.org>
Subject: Re: [P2PSIP] =?windows-1252?q?Mirja_K=FChlewind=27s_No_Objection_on_d?= =?windows-1252?q?raft-ietf-p2psip-sip-18=3A_=28with_COMMENT=29?=
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/p2psip/>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2016 11:59:24 -0000

Hi Thomas,

yes, you are right, no need to discuss general mechanism that apply to this doc as well as other similar mechanisms. Sorry also for actually be unclear about my concerns. My actual point is that I of course need to transfer private data (email address) but I did not see anything about encryption of this communication in the doc. (This is not about anonymity but I’ve expended to find something about encryption in the privacy section.) After a second look now, I still didn’t find anything... did I miss it?

Also, this is nit-picking, but in general saying "Methods of providing anonymity or deploying pseudonyms exist, but are beyond the scope of this document.“ seems not super helpful because it does not give any hint where someone, who’d like to apply these kind of methods, would find any further information. But I agree talking about the methods itself is out of scope.

Mirja


> Am 20.04.2016 um 12:09 schrieb Thomas C. Schmidt <t.schmidt@haw-hamburg.de>;:
> 
> Hi Mirja,
> 
> actually, I'm a bit confused about this discussion. There is plenty of work out in the wild about P2P anonymity and pseudonym services ... TOR being one prominent example. However, if I'm not mistaken, no IETF standard exists in this area so that we cannot pointer to a standard solution.
> 
> A discussion of the general state of the art in this field feels well beyond the scope of the document: This security subsection shall only make people aware of this privacy aspect. It is not meant to server as a general purpose guidance on privacy in P2P networks. ;)
> 
> Cheers,
> Thomas
> 
> On 20.04.2016 11:52, Mirja Kuehlewind (IETF) wrote:
>> Hi Thomas,
>> 
>> that’s slightly better. However, I would rather like to see a reference to a solution or a discuss of potential solution. If there is no solution, this should be stated clearly (as a warning).
>> 
>> Mirja
>> 
>> 
>>> Am 17.04.2016 um 19:11 schrieb Thomas C. Schmidt <t.schmidt@haw-hamburg.de>;:
>>> 
>>> Hi Mirja,
>>> 
>>> o.k., the text is a bit sloppy. What it probably should say is that anonymity measures are not considered here.
>>> 
>>> A proposed re-write could be:
>>> 
>>> 8.2.4.  Privacy Issues
>>> 
>>>   All RELOAD SIP registration data is visible to all nodes in the
>>>   overlay. Location privacy can be gained from using
>>>   anonymous GRUUs. Methods of providing anonymity or deploying
>>>   pseudonyms exist, but are beyond the scope of this document.
>>> 
>>> Would you agree on that?
>>> 
>>> Thomas
>>> 
>>> On 15.04.2016 22:56, Mirja Kuehlewind wrote:
>>>> Mirja Kühlewind has entered the following ballot position for
>>>> draft-ietf-p2psip-sip-18: No Objection
>>>> 
>>>> When responding, please keep the subject line intact and reply to all
>>>> email addresses included in the To and CC lines. (Feel free to cut this
>>>> introductory paragraph, however.)
>>>> 
>>>> 
>>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>> for more information about IESG DISCUSS and COMMENT positions.
>>>> 
>>>> 
>>>> The document, along with other ballot positions, can be found here:
>>>> https://datatracker.ietf.org/doc/draft-ietf-p2psip-sip/
>>>> 
>>>> 
>>>> 
>>>> ----------------------------------------------------------------------
>>>> COMMENT:
>>>> ----------------------------------------------------------------------
>>>> 
>>>> The privacy issues text in the security consideration section sounds not
>>>> very convincing:
>>>> 
>>>> 8.2.4.  Privacy Issues
>>>> 
>>>>    All RELOAD SIP registration data is visible to all nodes in the
>>>>    overlay.  Methods of providing location and identity privacy are
>>>>    still being studied.  Location privacy can be gained from using
>>>>    anonymous GRUUs.
>>>> 
>>>> Can you give more details or a reference regarding the methods that are
>>>> still under study?
>>>> 
>>> 
>>> --
>>> 
>>> Prof. Dr. Thomas C. Schmidt
>>> ° Hamburg University of Applied Sciences                   Berliner Tor 7 °
>>> ° Dept. Informatik, Internet Technologies Group    20099 Hamburg, Germany °
>>> ° http://www.haw-hamburg.de/inet                   Fon: +49-40-42875-8452 °
>>> ° http://www.informatik.haw-hamburg.de/~schmidt    Fax: +49-40-42875-8409 °
>>> 
> 
> -- 
> 
> Prof. Dr. Thomas C. Schmidt
> ° Hamburg University of Applied Sciences                   Berliner Tor 7 °
> ° Dept. Informatik, Internet Technologies Group    20099 Hamburg, Germany °
> ° http://www.haw-hamburg.de/inet                   Fon: +49-40-42875-8452 °
> ° http://www.informatik.haw-hamburg.de/~schmidt    Fax: +49-40-42875-8409 °